Macsploitation Class

Vincenzo Iozzo & Dino Dai Zovi

USA 2011 Weekend Training Session: July 30-31

USA 2011 Weekday Training Session: August 1-2

Overview:

This two-day course will take students through the complete process of finding and exploiting vulnerabilities in and on Mac OS X, highlighting the unique aspects of the operating system that vulnerability researchers must be aware of. Each unit of the course includes lecture and lab sessions designed to give students the background they need and then the opportunity to get hands-on experience applying those techniques.

What you will learn:

The course begins with an introduction to Mac OS X, covering the
system architecture as well as key topics such as the XNU kernel,
Mach-O binary executable format, and Objective-C. We will also
examine the security features and infrastructure of the operating
system, including defenses against exploitation and privilege
escalation.

The rest of the first day focuses on the in-depth examination of the
system through reverse engineering of Objective-C applications and
development of Mach-based system tools. By combining
reverse engineering and Mach-based development, students will develop
injectable bundles that hook interesting Objective-C methods in real
Cocoa applications. These techniques can be used to identify
vulnerabilities deep down within large applications.

The second day of the course covers exploitation of security
vulnerabilities, covering debugging, exploitation vectors, and
payloads. Students will use gdb, IDA Pro, and BinNavi to dynamically
examine rich applications and debug exploitation of stack and heap
memory corruption vulnerabilities. After students have learned
hands-on how to exploit these vulnerabilities, the course will cover
OS X payloads and payload techniques. The exploitation labs will be
complementary so that students develop their own payloads for their
exploit of a vulnerability in a demonstration web browser plugin.

Who Should Take This Class?

Anyone interested in or responsible for vulnerability and/or malware
analysis on the Mac OS X platform.

What to bring:

An Intel-based Mac OS X system

VMware Fusion (or equivalent) with Windows XP

IDA Pro

Apple Developer Tools

Possibly BinNavi with GdbAgent, but not mandatory.

What you get:

Students will receive full printed materials for the course as well as
the source code and exploits for all demonstrations and examples.

Prerequisites

Knowledge of C, gdb and IDA Pro

Suggested: knowledge of the basics of vulnerability research and an understanding of x86 assembly.

Trainers:

Vincenzo Iozzo is a student at the Politecnico di Milano, where he does research on malware and IDS. He is involved in a number of open source projects, including FreeBSD through Google Summer of Code. He also works as a security consultant for Secure Network, an Italian company, and as a reverse engineer for Zynamics. He has also spoken at a number of security conferences, including Black Hat, EuSecWest and DeepSec.

Dino Dai Zovi has been working in information security for over 9 years, with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, and Matasano Security. Mr. Dai Zovi is also a regular speaker at information security conferences, including presentations of his research on Mac OS X security, hardware virtualization assisted rootkits using Intel VT-x, 802.11 wireless client security, and offensive security techniques at Black Hat USA, Microsoft Blue Hat, CanSecWest, the USENIX Workshop on Offensive Technology, and DEFCON. He is a co-author of "The Mac Hacker's Handbook" (Wiley 2008) and "The Art of Software Security Testing" (Addison-Wesley Professional 2006). He is perhaps best known in the information security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.